TechTarget

Flash flaw threatens flood of security breaches

A security hole in the widely used Macromedia Flash file format used with Web browsers can allow an attacker to execute code of...

A security hole in the widely used Macromedia Flash file format used with Web browsers can allow an attacker to execute code of their choice on affected systems, according to a security alert by eEye Digital Security.

The vulnerability is limited to Flash files edited by hand with a binary editor but is serious nonetheless.

The Flash application will not produce files that contain the vulnerability on its own, according to a separate security alert from Macromedia.

The vulnerability is dangerous because it affects Web browsers, which are trusted by firewalls to receive incoming traffic, and because it affects all versions of Flash used in the Internet Explorer and Netscape Navigator Web browsers running on both Windows and Unix, eEye said.

The flaw comes as the result of a problem in the data header of Flash files, which allows an attacker to supply more data to the file decoder than is expected and, in turn, can lead to code execution, eEye said.

Because the vulnerability is browser-based, it can be exploited in any situation in which a Web browser views a Flash file, such as on Web pages, in e-mail or newsgroups, eEye wrote.

Macromedia has released more information about the flaw and a new Flash player that addresses the problem at: www.macromedia.com/v1/handlers/index.cfm?ID=23293&Method=Full&TitlePSB02%2D09%20%2D%20Macromedia%20Flash%20Malformed%20Header%20Vulnerability%20Issue&Cache=False

CW+

Features

Enjoy the benefits of CW+ membership, learn more and join.

Read more

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCIO

SearchSecurity

SearchNetworking

SearchDataCenter

SearchDataManagement

Close